If you really have NO idea at all

Learn the basics of how to exploit JavaScript.

If you really have NO idea at all

Post by andre_roesti on Fri Mar 26, 2010 2:14 pm
([msg=37336]see If you really have NO idea at all[/msg])

Hello all,

This is my first Post here. ;-) If its not allowed to post Things like this, please let me know and i'll delete it. Thank you.

When there's something like this in the code:
Code: Select all
if(x == moo)

The Browser has to know the value of 'moo'. So, if you really have no Idea at all how to solve a Mission, you can always enter the following in your addressbar to get the Answer:
Code: Select all
javascript:alert(moo);


Greetings from Switzerland
André
andre_roesti
New User
New User
 
Posts: 3
Joined: Fri Mar 26, 2010 1:04 pm
Blog: View Blog (0)


Re: If you really have NO idea at all

Post by Goatboy on Fri Mar 26, 2010 4:01 pm
([msg=37342]see Re: If you really have NO idea at all[/msg])

This is not always the case. What if moo is the result of a complex encryption function?
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2782
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: If you really have NO idea at all

Post by andre_roesti on Fri Mar 26, 2010 4:10 pm
([msg=37343]see Re: If you really have NO idea at all[/msg])

But to compare the two values, the Browser has to know the value of 'moo'?! Otherwise it couldn't say you if it's right or not.

Or did i forget something?

Greetings from Switzerland
André
andre_roesti
New User
New User
 
Posts: 3
Joined: Fri Mar 26, 2010 1:04 pm
Blog: View Blog (0)


Re: If you really have NO idea at all

Post by r-ID on Fri Mar 26, 2010 4:38 pm
([msg=37344]see Re: If you really have NO idea at all[/msg])

you are forgetting something, you can get any value at any time, but... your input might be encoded or any other way manipulated and only then compared, even hash function could be used, but your goal might be correct input.
Last edited by r-ID on Fri Mar 26, 2010 4:39 pm, edited 1 time in total.
r-ID
Poster
Poster
 
Posts: 172
Joined: Mon Dec 29, 2008 6:04 pm
Blog: View Blog (0)


Re: If you really have NO idea at all

Post by Goatboy on Fri Mar 26, 2010 4:39 pm
([msg=37345]see Re: If you really have NO idea at all[/msg])

If it's entirely in JavaScript (which means all on the client's side) then yes, it is technically possible (although it might be difficult due to encoding) to glean any info you want that is contained within that script. But since this is extremely vulnerable, most "sensitive" values will be stored on the server and compared there.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2782
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: If you really have NO idea at all

Post by andre_roesti on Sat Mar 27, 2010 4:11 am
([msg=37368]see Re: If you really have NO idea at all[/msg])

Yes, of course i spoke about the case when everything is client-side. :-)

Very nice forum here! Thank you all for the fast answers.

Greetings from Switzerland
andre_roesti
New User
New User
 
Posts: 3
Joined: Fri Mar 26, 2010 1:04 pm
Blog: View Blog (0)



Return to Javascript

Who is online

Users browsing this forum: No registered users and 0 guests